public HttpResponseMessage Get(string smsNumber, string code) { RsaKeyPairGenerator r = new RsaKeyPairGenerator(); r.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new Org.BouncyCastle.Security.SecureRandom(), 2048)); AsymmetricCipherKeyPair keys = r.GenerateKeyPair(); string publicKeyPath = Path.Combine(Path.GetTempPath(), "publicKey.key"); if (File.Exists(publicKeyPath)) { File.Delete(publicKeyPath); } using (TextWriter textWriter = new StreamWriter(publicKeyPath, false)) { PemWriter pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(keys.Public); pemWriter.Writer.Flush(); } string certSubjectName = "UShadow_RSA"; var certName = new X509Name("CN=" + certSubjectName); var serialNo = BigInteger.ProbablePrime(120, new Random()); X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator(); gen2.SetSerialNumber(serialNo); gen2.SetSubjectDN(certName); gen2.SetIssuerDN(new X509Name(true, "CN=UShadow")); gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0))); gen2.SetNotAfter(DateTime.Now.AddYears(2)); gen2.SetSignatureAlgorithm("sha512WithRSA"); gen2.SetPublicKey(keys.Public); Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(keys.Private); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); X509CertificateEntry certEntry = new X509CertificateEntry(newCert); store.SetCertificateEntry(newCert.SubjectDN.ToString(), certEntry); AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private); store.SetKeyEntry(newCert.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { certEntry }); using (MemoryStream ms = new MemoryStream()) { store.Save(ms, "Password".ToCharArray(), new SecureRandom()); var resp = new HttpResponseMessage(HttpStatusCode.OK) { Content = new ByteArrayContent(ms.ToArray()) }; resp.Content.Headers.Add("Content-Type", "application/x-pkcs12"); return resp; } }
/// <summary> /// Gets the PEM for the Private Key from the Asymmetric Key Pair. /// </summary> /// <param name="keys"></param> /// <returns></returns> public static String GetPrivateKey(AsymmetricCipherKeyPair keys) { TextWriter textWriter = new StringWriter(); PemWriter pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(keys.Private); pemWriter.Writer.Flush(); return textWriter.ToString(); }
//https://www.rahulsingla.com/comment/219809 public static RSAEncodedKeyPair GenerateRSAKeyPair(int strength = 1024) { RsaKeyPairGenerator g = new RsaKeyPairGenerator(); g.Init(new KeyGenerationParameters(new SecureRandom(), strength)); var pair = g.GenerateKeyPair(); string privateKey = ""; string publicKey = ""; using (var sw = new System.IO.StringWriter()) { var pw = new PemWriter(sw); pw.WriteObject(pair.Private); privateKey = sw.ToString(); } using (var sw = new System.IO.StringWriter()) { var pw = new PemWriter(sw); pw.WriteObject(pair.Public); publicKey = sw.ToString(); } return(new RSAEncodedKeyPair() { PrivateKey = privateKey, PublicKey = publicKey }); }
/// <summary> /// Creates a new X509 certificate and returns its data in PEM format /// </summary> public string GenerateNewCertificatePEM() { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA"); var subjectDN = new X509Name("cn=Unknown"); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); certificateGenerator.SetNotBefore(DateTime.UtcNow.Date.AddYears(-10)); certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(50)); var keyGenerationParameters = new KeyGenerationParameters(random, 2048); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); X509Certificate cert = certificateGenerator.Generate(subjectKeyPair.Private); using (var writer = new StringWriter()) { var pemWriter = new OpenSsl.PemWriter(writer); pemWriter.WriteObject(new PemObject("CERTIFICATE", cert.GetEncoded())); pemWriter.WriteObject(subjectKeyPair.Private); return(writer.ToString()); } }
/// <summary> /// RSA密钥转Pem密钥 /// </summary> /// <param name="RSAKey">RSA密钥</param> /// <param name="isPrivateKey">是否是私钥</param> /// <returns>Pem密钥</returns> public static string RSAKeyToPem(string RSAKey, bool isPrivateKey) { string pemKey = string.Empty; var rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(RSAKey); RSAParameters rsaPara = new RSAParameters(); RsaKeyParameters key = null; //RSA私钥 if (isPrivateKey) { rsaPara = rsa.ExportParameters(true); key = new RsaPrivateCrtKeyParameters( new BigInteger(1, rsaPara.Modulus), new BigInteger(1, rsaPara.Exponent), new BigInteger(1, rsaPara.D), new BigInteger(1, rsaPara.P), new BigInteger(1, rsaPara.Q), new BigInteger(1, rsaPara.DP), new BigInteger(1, rsaPara.DQ), new BigInteger(1, rsaPara.InverseQ)); } //RSA公钥 else { rsaPara = rsa.ExportParameters(false); key = new RsaKeyParameters(false, new BigInteger(1, rsaPara.Modulus), new BigInteger(1, rsaPara.Exponent)); } using (TextWriter sw = new StringWriter()) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(sw); pemWriter.WriteObject(key); pemWriter.Writer.Flush(); pemKey = sw.ToString(); } return(pemKey); }
private static string CreateCertificateSigningRequest(Session session, string ckaLabel, byte[] ckaId, int defaultBits, string directDomain, string distinguishedName, int keyUsage) { // Generate key pair - Signing ObjectHandle publicKeyHandle; ObjectHandle privateKeyHandle; Pkcs11Util.GenerateKeyPair(session, ckaLabel, ckaId, out publicKeyHandle, out privateKeyHandle, defaultBits); // Generate x509 attributes for csr IList oids = new ArrayList(); IList values = new ArrayList(); oids.Add(X509Extensions.BasicConstraints); values.Add(new X509Extension( true, new DerOctetString(new BasicConstraints(true)))); oids.Add(X509Extensions.KeyUsage); values.Add(new X509Extension( true, new DerOctetString(new KeyUsage(keyUsage)))); if (directDomain.Contains("@")) { AddSubjectAltNameForRfc822Name(directDomain, oids, values); } else { AddSubjectAltNameForDnsName(directDomain, oids, values); } var attribute = new AttributePkcs( PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(oids, values))); var asn1Attributes = new DerSet(attribute); // Generate certificate request in PKCS#10 format byte[] pkcs10 = Pkcs11Util.GeneratePkcs10( session, publicKeyHandle, privateKeyHandle, distinguishedName, DigestAlgorithm.SHA256, asn1Attributes); //Export to Pem format. var sb = new StringBuilder(); var pemObject = new PemObject("CERTIFICATE REQUEST", pkcs10); using (var str = new StringWriter(sb)) { var pemWriter = new PemWriter(str); pemWriter.WriteObject(pemObject); } return(sb.ToString()); }
private void GenerateSigningRequestViaOpenSSL(string TargetCertRequestFileName, AsymmetricCipherKeyPair KeyPair) { // We expect openssl.exe to exist in the same directory as iPhonePackager string OpenSSLPath = Path.GetDirectoryName( Application.ExecutablePath ) + @"\openssl.exe"; if (!File.Exists( OpenSSLPath )) { MessageBox.Show("A version of OpenSSL is required to generate certificate requests. Please place OpenSSL.exe in Binaries\\DotNET\\IOS", Config.AppDisplayName, MessageBoxButtons.OK, MessageBoxIcon.Error); return; } string EffectiveBuildPath = (Program.GameName.Length > 0) ? Config.BuildDirectory : Path.GetFullPath("."); // Create a temporary file to write the key pair out to (in a format that OpenSSL understands) string KeyFileName = Path.GetTempFileName(); TextWriter KeyWriter = new StreamWriter(KeyFileName); PemWriter KeyWriterPEM = new PemWriter(KeyWriter); KeyWriterPEM.WriteObject(KeyPair); KeyWriter.Close(); // Create a temporary file containing the configuration settings to drive OpenSSL string ConfigFileName = Path.GetTempFileName(); TextWriter ConfigFile = new StreamWriter(ConfigFileName); ConfigFile.WriteLine("[ req ]"); ConfigFile.WriteLine("distinguished_name = req_distinguished_name"); ConfigFile.WriteLine("prompt = no"); ConfigFile.WriteLine("[ req_distinguished_name ]"); ConfigFile.WriteLine("emailAddress = {0}", EMailEditBox.Text); ConfigFile.WriteLine("commonName = {0}", CommonNameEditBox.Text); ConfigFile.WriteLine("countryName = {0}", System.Globalization.CultureInfo.CurrentCulture.TwoLetterISOLanguageName); ConfigFile.Close(); // Invoke OpenSSL to generate the certificate request Program.Log("Running OpenSSL to generate certificate request..."); string ResultsText; string Executable = OpenSSLPath; string Arguments = String.Format("req -new -nodes -out \"{0}\" -key \"{1}\" -config \"{2}\"", TargetCertRequestFileName, KeyFileName, ConfigFileName); Utilities.RunExecutableAndWait(Executable, Arguments, out ResultsText); Program.Log(ResultsText); if (!File.Exists(TargetCertRequestFileName)) { Program.Error("... Failed to generate certificate request"); } else { Program.Log("... Successfully generated certificate request '{0}'", TargetCertRequestFileName); } // Clean up the temporary files we created File.Delete(KeyFileName); File.Delete(ConfigFileName); }
private string GeneratePemFromObject(object input) { var builder = new StringBuilder(); var writer = new PemWriter(new StringWriter(builder)); writer.WriteObject(new MiscPemGenerator(input)); writer.Writer.Flush(); return builder.ToString(); }
public string DecodePublicKey(string filename) { byte[] dataKey = System.IO.File.ReadAllBytes(filename); AsymmetricKeyParameter asp = PublicKeyFactory.CreateKey(dataKey); System.IO.MemoryStream ms = new System.IO.MemoryStream(); System.IO.TextWriter writer = new System.IO.StreamWriter(ms); System.IO.StringWriter stWrite = new System.IO.StringWriter(); PemWriter pmw = new PemWriter(stWrite); pmw.WriteObject(asp); stWrite.Close(); return stWrite.ToString(); }
/// <summary> /// PEM representation of X509 certificate /// </summary> /// <param name="certificate">Certificate to get PEM representation for</param> /// <returns>PEM representation for certificate</returns> public string ExportCertificate(X509Certificate certificate) { using (var memoryStream = new MemoryStream()) { using (var streamWriter = new StreamWriter(memoryStream)) { var pemWriter = new PemWriter(streamWriter); pemWriter.WriteObject(certificate); streamWriter.Flush(); return Encoding.ASCII.GetString(memoryStream.GetBuffer()); } } }
/// <summary> /// 获取pem字符串 /// </summary> /// <param name="cert"></param> /// <returns></returns> public static string GetPublicKeyPem(X509Certificate2 cert) { var p = cert.GetRSAPublicKey().ExportParameters(false); var key = new RsaKeyParameters(false, new BigInteger(1, p.Modulus), new BigInteger(1, p.Exponent)); using (var stringWriter = new StringWriter()) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(stringWriter); pemWriter.WriteObject(key); return(stringWriter.GetStringBuilder().ToString()); } }
/// <summary> /// Crea un archivo .PEM partiendo del certificado. /// </summary> /// <param name="rutaCertificado"></param> /// <param name="RutaCerticadoPEM"></param> public void CreaArchivoExtPEM(String rutaCertificado, String RutaCerticadoPEM) { if (!File.Exists(RutaCerticadoPEM)) { Stream sr = File.OpenRead(rutaCertificado); X509CertificateParser cp = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate cert = cp.ReadCertificate(sr); Object pkey = cert.GetPublicKey(); TextWriter tw = new System.IO.StreamWriter(RutaCerticadoPEM); Org.BouncyCastle.OpenSsl.PemWriter pw = new Org.BouncyCastle.OpenSsl.PemWriter(tw); pw.WriteObject(cert); tw.Close(); } }
static string WriteKeyAsPem(AsymmetricCipherKeyPair pair, int type) { using (TextWriter textWriter = new StringWriter()) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); if (type == 0) { pemWriter.WriteObject(pair.Public); } else { pemWriter.WriteObject(pair.Private); } return(textWriter.ToString()); } }
// // Bouncy Castle PKCS#8 Formater // Output is the same as this OpenSSL command: // openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes // private string GetPkcs8Format(RSACryptoServiceProvider csp) { var rsaParams = csp.ExportParameters(true); var keyPair = DotNetUtilities.GetRsaKeyPair(rsaParams); var pkcs8Gen = new Pkcs8Generator(keyPair.Private); var pemObj = pkcs8Gen.Generate(); var sb = new StringBuilder(); using (var pkcs8Out = new StringWriter(sb)) { var pemWriter = new PemWriter(pkcs8Out); pemWriter.WriteObject(pemObj); } return(sb.ToString()); }
public static void ExportPEMPrivateKey(X509Certificate2 certificate, string filePath) { if (certificate.PrivateKey == null) { return; } var keyPair = DotNetUtilities.GetKeyPair(certificate.PrivateKey); using (TextWriter tw = new StreamWriter(filePath)) { PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(tw); pemWriter.WriteObject(keyPair.Private); tw.Flush(); tw.Close(); } }
/// <summary> /// Generates a PKCS private key from the PowerRSA object /// </summary> /// <param name="prsa"></param> /// <returns></returns> public static string ConvertPrivateKeyToPKCS(PowerRSA prsa) { var rsa = RSA.Create(); rsa.FromXmlString(prsa.PrivateKey); var bcKeyPair = DotNetUtilities.GetRsaKeyPair(rsa); var pkcs8Gen = new Pkcs8Generator(bcKeyPair.Private); var pemObj = pkcs8Gen.Generate(); string outputPem; using (var sw = new StringWriter()) { var pkcs8Out = sw; var pemWriter = new PemWriter(pkcs8Out); pemWriter.WriteObject(pemObj); pkcs8Out.Close(); outputPem = sw.ToString(); } return outputPem; }
public static string LoadPrivateKey(string fileName, string password) { AsymmetricKeyParameter akp; StringWriter str_writer; PemWriter pem_writer; byte[] dataKey; str_writer = new StringWriter (); dataKey = File.ReadAllBytes (fileName); akp = PrivateKeyFactory.DecryptKey (password.ToCharArray (), dataKey); pem_writer = new PemWriter (str_writer); pem_writer.WriteObject (akp); str_writer.Close (); return str_writer.ToString (); }
/// <summary> /// PEM representation of the key pair /// </summary> /// <param name="keyPair">Key value pair</param> /// <returns>Key pair in pem format</returns> public string ExportKeyPair(AsymmetricCipherKeyPair keyPair) { // using Bouncy Castle, so that we are 100% sure that the result is exaclty the same as: // openssl pkcs12 -in filename.pfx -nocerts -out privateKey.pem // openssl rsa -in privateKey.pem -out private.pem using (var memoryStream = new MemoryStream()) { using (var streamWriter = new StreamWriter(memoryStream)) { var pemWriter = new PemWriter(streamWriter); pemWriter.WriteObject(keyPair.Private); streamWriter.Flush(); // Here is the output with ---BEGIN RSA PRIVATE KEY--- // that should be exactly the same as in private.pem return Encoding.ASCII.GetString(memoryStream.GetBuffer()); } } }
/// <summary> /// 获取私钥 /// </summary> /// <param name="cert"></param> /// <returns></returns> public static string GetPrivateKeyPem(X509Certificate2 cert) { try { var p = cert.GetRSAPrivateKey().ExportParameters(true); var key = new RsaPrivateCrtKeyParameters( new Org.BouncyCastle.Math.BigInteger(1, p.Modulus), new Org.BouncyCastle.Math.BigInteger(1, p.Exponent), new Org.BouncyCastle.Math.BigInteger(1, p.D), new Org.BouncyCastle.Math.BigInteger(1, p.P), new Org.BouncyCastle.Math.BigInteger(1, p.Q), new Org.BouncyCastle.Math.BigInteger(1, p.DP), new Org.BouncyCastle.Math.BigInteger(1, p.DQ), new Org.BouncyCastle.Math.BigInteger(1, p.InverseQ)); using (var stringWriter = new StringWriter()) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(stringWriter); pemWriter.WriteObject(key); return(stringWriter.GetStringBuilder().ToString()); } } catch { throw new Exception("cert必须具有 X509KeyStorageFlags.Exportable 标识,才能导出私钥。"); } }
/// <summary> /// Export a certificate to a PEM format string /// </summary> /// <param name="cert">The certificate to export</param> /// <returns>A PEM encoded string</returns> public static string ExportToPEM(X509Certificate cert) { StringWriter swriter = new StringWriter(); PemWriter writer = new PemWriter(swriter); writer.WriteObject(new X509.X509CertificateParser().ReadCertificate(cert.Export(X509ContentType.Cert))); return swriter.ToString(); }
public override void Serialize(Stream aStream, object aObject) { /* check for required parameters */ if (aStream == null) { throw new ArgumentNullException("aStream"); } if (aObject == null) { throw new ArgumentNullException("aObject"); } PasswordFinder pwFinder = null; if (GetPassphraseCallbackMethod != null) { pwFinder = new PasswordFinder(GetPassphraseCallbackMethod); } StreamWriter streamWriter = new StreamWriter(aStream); PemWriter writer = new PemWriter(streamWriter); PinnedArray<char> passphrase = null; if (pwFinder != null) { passphrase = new PinnedArray<char>(0); passphrase.Data = pwFinder.GetPassword(); } if (passphrase == null) { writer.WriteObject(aObject); } else { writer.WriteObject(aObject, null, passphrase.Data, null); passphrase.Dispose(); } }
private async Task SaveCertKeyPair() { var settings = ApplicationData.Current.RoamingSettings; PemWriter certWriter = new PemWriter(new StringWriter()); PemWriter keyWriter = new PemWriter(new StringWriter()); keyWriter.WriteObject(keyPair); keyWriter.Writer.Flush(); // Add the cert to the cert store. This changes the fingerprint so we read it // back before we serialize it so we have the up to date cert. await AddToWinCertStore(); // Read the modified cert from the cert store IEnumerable<Certificate> certificates = await CertificateStores.FindAllAsync(new CertificateQuery { FriendlyName = "Limelight-Client" }); cert = new X509CertificateParser().ReadCertificate(certificates.Single().GetCertificateBlob().AsStream()); certWriter.WriteObject(cert); certWriter.Writer.Flush(); // Line endings MUST be UNIX for the PC to accept the cert properly string keyStr = keyWriter.Writer.ToString(); keyStr = keyStr.Replace("\r\n", "\n"); string certStr = certWriter.Writer.ToString(); certStr = certStr.Replace("\r\n", "\n"); settings.Values["cert"] = certStr; settings.Values["key"] = keyStr; }
/// <summary> /// Export an RSA key to a PEM format string /// </summary> /// <param name="rsa">The RSA key to export (must be exportable)</param> /// <param name="password">An optional password</param> /// <returns>A PEM string form of the key</returns> public static string ExportToPEM(RSA rsa, SecureString password) { StringWriter swriter = new StringWriter(); PemWriter writer = new PemWriter(swriter); RSAParameters ps = rsa.ExportParameters(true); BigInteger modulus = new BigInteger(1, ps.Modulus); BigInteger exp = new BigInteger(1, ps.Exponent); BigInteger d = new BigInteger(1, ps.D); BigInteger p = new BigInteger(1, ps.P); BigInteger q = new BigInteger(1, ps.Q); BigInteger dp = new BigInteger(1, ps.DP); BigInteger dq = new BigInteger(1, ps.DQ); BigInteger qinv = new BigInteger(1, ps.InverseQ); RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(modulus, exp, d, p, q, dp, dq, qinv); if (password != null) { writer.WriteObject(privKey, "DES-EDE3-CBC", SecureStringToCharArray(password), new Org.BouncyCastle.Security.SecureRandom()); } else { writer.WriteObject(privKey); } return swriter.ToString(); }
/// <summary> /// Erstellt die für die PKCS#10-Datei notwendigen Daten /// </summary> /// <returns>Die für die PKCS#10-Datei notwendigen Daten</returns> public Pkcs10Data CreateRequest() { var sigAlgoName = "SHA256WITHRSA"; var subject = new X509Name( true, $"CN={Requester.Surname}, OU={Requester.Number}, OU={Requester.CompanyName}, O={"ITSG TrustCenter fuer Arbeitgeber"}, C={"DE"}", new Pkcs.X509ItsgEntryConverter() ); var rng = new SecureRandom(); var rsaKeyPair = RSA; if (rsaKeyPair == null) { var keyPairGen = new RsaKeyPairGenerator(); keyPairGen.Init(new KeyGenerationParameters(rng, 2048)); rsaKeyPair = keyPairGen.GenerateKeyPair(); } var csr = new Pkcs10CertificationRequest(sigAlgoName, subject, rsaKeyPair.Public, null, rsaKeyPair.Private); var outputCsrPem = new StringWriter(); { var pemWriter = new PemWriter(outputCsrPem); pemWriter.WriteObject(csr); } var outputPrivateKeyPem = new StringWriter(); { var pemWriter = new PemWriter(outputPrivateKeyPem); if (string.IsNullOrEmpty(Password)) { pemWriter.WriteObject(rsaKeyPair.Private); } else { pemWriter.WriteObject( rsaKeyPair.Private, "des-ede3-cbc", Password.ToCharArray(), rng ); } } var rsaPubKey = (RsaKeyParameters)rsaKeyPair.Public; var rawPubKeyData = OstcUtils.CalculatePublicKeyHash(rsaPubKey); return new Pkcs10Data(csr.GetEncoded(), outputCsrPem.ToString(), outputPrivateKeyPem.ToString(), rawPubKeyData); }
/// <summary> /// /// </summary> /// <remarks>Based on <see cref="http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx"/></remarks> /// <param name="subjectName"></param> /// <returns></returns> public static void z_dep_GenerateCertificate(string subjectName, long serialNumber, DateTime expireOn, System.Security.Cryptography.X509Certificates.X509Certificate2 issuingCertificate, out string thumbprint, out string pemPrivateKey, out string pemPublicCert, out byte[] publicCert, out byte[] pkcs12Data, out string password) { AsymmetricKeyParameter caPrivateKey; var caCert = ReadCertificateFromX509Certificate2(issuingCertificate, out caPrivateKey); //var caAuth = new AuthorityKeyIdentifierStructure(caCert); //var authKeyId = new AuthorityKeyIdentifier(caAuth.GetKeyIdentifier()); // --------------------------- // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var gen = new X509V3CertificateGenerator(); // var certName = new X509Name("CN=" + subjectName); var list = new Dictionary<string, string>(); AddItems(list, "CN", subjectName); AddItems(list, "O", "CompliaShield"); AddItems(list, "OU", "CompliaShield"); //var simpleCertName = GetItemString(list); //var certNameLight = new X509Name(simpleCertName); list.Add("L", "Boulder"); list.Add("ST", "Colorado"); list.Add("C", "US"); var subjectFull = GetItemString(list); var certName = new X509Name(subjectFull); BigInteger serialNo; if (serialNumber == 0) { serialNo = BigInteger.ProbablePrime(120, random); } else { serialNo = BigInteger.ValueOf(serialNumber); } gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(caCert.IssuerDN); var issuerPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(caCert.GetPublicKey()); var issuerGeneralNames = new GeneralNames(new GeneralName(caCert.IssuerDN)); var issuerSerialNumber = caCert.SerialNumber; var authorityKeyIdentifier = new AuthorityKeyIdentifier(issuerPublicKeyInfo, issuerGeneralNames, issuerSerialNumber); gen.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authorityKeyIdentifier); // gen.SetIssuerUniqueID(caCert.IssuerUniqueID.GetBytes()) gen.SetNotAfter(expireOn); gen.SetNotBefore(DateTime.Now.AddHours(-2)); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); // new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); gen.SetPublicKey(subjectKeyPair.Public); gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPCodeSigning })); //1.3.6.1.5.5.7.3.1 = server authentication //1.3.6.1.5.5.7.3.2 = client authentication //1.3.6.1.5.5.7.3.3 = code signing var certificate = gen.Generate(caPrivateKey); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); //------------- //RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private; RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); // ------------ x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); // Generating Random Numbers var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!{}[]*.,"; var rnd = new Random(); password = new string( Enumerable.Repeat(chars, 32) .Select(s => s[rnd.Next(s.Length)]) .ToArray()); thumbprint = x509.Thumbprint.ToLower(); publicCert = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemPrivateKey = privateKeyPem.ToString(); var publicKeyPem = new StringBuilder(); var utf8WithoutBom = new System.Text.UTF8Encoding(false); var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom)); publicKeyPemWriter.WriteObject(certificate); publicKeyPemWriter.Writer.Flush(); pemPublicCert = publicKeyPem.ToString(); pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); }
public void GenerateKeyPairs() { var keyPair = GetKeyPair(); var publicKey = (RsaKeyParameters) keyPair.Public; var privateKey = (RsaKeyParameters) keyPair.Private; var publicWriter = new StringWriter(); var pemWriter = new PemWriter(publicWriter); pemWriter.WriteObject(publicKey); pemWriter.Writer.Flush(); PublicKey = StringToSecureString(Base64Encode(publicWriter.ToString())); publicWriter.Close(); var privateWriter = new StringWriter(); var pemWriterP = new PemWriter(privateWriter); pemWriterP.WriteObject(privateKey); pemWriterP.Writer.Flush(); PrivateKey = StringToSecureString(Base64Encode(privateWriter.ToString())); privateWriter.Close(); }
public static void GenerateRootCertificate(string subjectName, long serialNumber, DateTime expireOn, bool isCertificateAuthority, out string thumbprint, out string pemPrivateKey, out string pemPublicCert, out byte[] publicCert, out byte[] pkcs12Data, out string password) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); //new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); BigInteger serialNo; if (serialNumber == 0) { serialNo = BigInteger.ProbablePrime(120, random); } else { serialNo = BigInteger.ValueOf(serialNumber); } gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(expireOn); gen.SetNotBefore(DateTime.Now.Date); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); gen.AddExtension( X509Extensions.BasicConstraints.Id, true, new BasicConstraints(isCertificateAuthority)); //// NOT WORKING... NOT PASSING CERTIFICATE ISSUING ALLOWED //if (isCertificateAuthority) //{ // gen.AddExtension( // X509Extensions.BasicConstraints., // true, // new BasicConstraints(isCertificateAuthority)); //} var certificate = gen.Generate(subjectKeyPair.Private, random); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); // Generating Random Numbers var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!"; var rnd = new Random(); password = new string( Enumerable.Repeat(chars, 32) .Select(s => s[rnd.Next(s.Length)]) .ToArray()); thumbprint = x509.Thumbprint.ToLower(); publicCert = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemPrivateKey = privateKeyPem.ToString(); var publicKeyPem = new StringBuilder(); var utf8WithoutBom = new System.Text.UTF8Encoding(false); var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom)); publicKeyPemWriter.WriteObject(certificate); publicKeyPemWriter.Writer.Flush(); pemPublicCert = publicKeyPem.ToString(); pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); }
public static void WriteRSAKeys(AsymmetricCipherKeyPair Keys, string Path) { AsymmetricKeyParameter PublicKey = Keys.Public; AsymmetricKeyParameter PrivateKey = Keys.Private; string Extension = System.IO.Path.GetExtension(Path); string PublicPath = (Extension.Length != 0) ? Path.Replace(Extension, "_public" + Extension) : Path + "_public"; string PrivatePath = (Extension.Length != 0) ? Path.Replace(Extension, "_private" + Extension) : Path + "_private"; TextWriter tw = new StreamWriter(PublicPath); PemWriter pw = new PemWriter(tw); pw.WriteObject(PublicKey); pw.Writer.Flush(); pw.Writer.Close(); tw.Close(); tw = new StreamWriter(PrivatePath); pw = new PemWriter(tw); pw.WriteObject(PrivateKey); pw.Writer.Flush(); pw.Writer.Close(); tw.Close(); }
public string getXmrPublicKey() { AsymmetricCipherKeyPair key = getXmrKey(); using (TextWriter textWriter = new StringWriter()) { PemWriter writer = new PemWriter(textWriter); writer.WriteObject(key.Public); writer.Writer.Flush(); return textWriter.ToString(); } }
public string GetPemData() { var textWriter = new StringWriter(); var pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(KeyPair.Private, "DESEDE", UserPassword.ToCharArray(), new SecureRandom()); pemWriter.Writer.Flush(); return textWriter.ToString(); }
/** * Returns the encoded form of this certification path, using * the specified encoding. * * @param encoding the name of the encoding to use * @return the encoded bytes * @exception CertificateEncodingException if an encoding error * occurs or the encoding requested is not supported * */ public virtual byte[] GetEncoded( string encoding) { if (Platform.CompareIgnoreCase(encoding, "PkiPath") == 0) { Asn1EncodableVector v = new Asn1EncodableVector(); for (int i = certificates.Count - 1; i >= 0; i--) { v.Add(ToAsn1Object((X509Certificate) certificates[i])); } return ToDerEncoded(new DerSequence(v)); } else if (Platform.CompareIgnoreCase(encoding, "PKCS7") == 0) { Asn1.Pkcs.ContentInfo encInfo = new Asn1.Pkcs.ContentInfo( PkcsObjectIdentifiers.Data, null); Asn1EncodableVector v = new Asn1EncodableVector(); for (int i = 0; i != certificates.Count; i++) { v.Add(ToAsn1Object((X509Certificate)certificates[i])); } Asn1.Pkcs.SignedData sd = new Asn1.Pkcs.SignedData( new DerInteger(1), new DerSet(), encInfo, new DerSet(v), null, new DerSet()); return ToDerEncoded(new Asn1.Pkcs.ContentInfo(PkcsObjectIdentifiers.SignedData, sd)); } else if (Platform.CompareIgnoreCase(encoding, "PEM") == 0) { MemoryStream bOut = new MemoryStream(); PemWriter pWrt = new PemWriter(new StreamWriter(bOut)); try { for (int i = 0; i != certificates.Count; i++) { pWrt.WriteObject(certificates[i]); } pWrt.Writer.Close(); } catch (Exception) { throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); } return bOut.ToArray(); } else { throw new CertificateEncodingException("unsupported encoding: " + encoding); } }
public void generateCSR(string electoralEampaign, string user, string password) { X509Name name = new X509Name("C=PL, ST=Mazowieckie, L=Warszawa, O=KBW, E=-, OU=" + electoralEampaign + ", CN=" + user); RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator(); RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(BigInteger.ValueOf(3L), new SecureRandom(), 2048, 25); keyGenerator.Init(param); AsymmetricCipherKeyPair ackp = keyGenerator.GenerateKeyPair(); Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA1WITHRSA", name, ackp.Public, null, ackp.Private); System.Text.StringBuilder CSRPem = new System.Text.StringBuilder(); PemWriter CSRPemWriter = new PemWriter(new System.IO.StringWriter(CSRPem)); CSRPemWriter.WriteObject(csr); CSRPemWriter.Writer.Flush(); this.generatedCSR = CSRPem.ToString(); System.Text.StringBuilder PrivateKeyPem = new System.Text.StringBuilder(); PemWriter PrivateKeyPemWriter = new PemWriter(new System.IO.StringWriter(PrivateKeyPem)); PrivateKeyPemWriter.WriteObject(ackp.Private); CSRPemWriter.Writer.Flush(); this.keys = PrivateKeyPem.ToString(); AsymmetricKeyParameter publicKey = ackp.Public; AsymmetricKeyParameter privateKey = ackp.Private; System.IO.StringWriter sw = new System.IO.StringWriter(); PemWriter pw = new PemWriter(sw); pw.WriteObject(privateKey, "AES-256-CBC", password.ToCharArray(), new SecureRandom()); pw.Writer.Close(); this.keys = sw.ToString(); if (!System.IO.Directory.Exists(this.path + "\\Licenses")) { try { System.IO.Directory.CreateDirectory(this.path + "\\Licenses"); } catch (System.ArgumentNullException) { MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error"); } catch (System.ArgumentException) { MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error"); } catch (System.UnauthorizedAccessException) { MessageBox.Show("Nie masz uprawnień do tworzenia katalogów. Otwórz aplikacje jako adnimistrator.", "Uwaga"); } catch (System.IO.PathTooLongException) { MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error"); } catch (System.IO.DirectoryNotFoundException) { MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error"); } catch (System.NotSupportedException) { MessageBox.Show("Nieprawidłowy format ścieżki. Nie można utworzyć katalogu \"Licenses\"", "Error"); } catch (System.IO.IOException) { MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error"); } } string namefile = ""; try { int tmp = System.IO.Directory.GetFiles(this.path + "\\Licenses", electoralEampaign.Replace("/", "_") + "_" + user + "*.csr").Length + 1; if (tmp > 1) { string num = tmp.ToString(); namefile = string.Concat(new string[] { electoralEampaign.Replace("/", "_"), "_", user, " ", num }); } else { namefile = electoralEampaign.Replace("/", "_") + "_" + user; } } catch (System.Exception) { namefile = electoralEampaign.Replace("/", "_") + "_" + user; } try { System.IO.StreamWriter sw2 = new System.IO.StreamWriter(this.path + "\\Licenses\\" + namefile + ".csr", false); sw2.Write(this.generatedCSR); sw2.Close(); sw2 = new System.IO.StreamWriter(this.path + "\\Licenses\\" + namefile + ".key", false); sw2.Write(this.keys); sw2.Close(); } catch (System.ArgumentNullException) { MessageBox.Show("Błędna ścieżka", "Error"); } catch (System.ArgumentException) { MessageBox.Show("Błędna ścieżka", "Error"); } catch (System.IO.DirectoryNotFoundException) { MessageBox.Show("Nie znaleziono katalogu", "Error"); } catch (System.IO.PathTooLongException) { MessageBox.Show("Zbyt długa ścieżka do katalogu", "Error"); } catch (System.IO.IOException) { MessageBox.Show("Podano ścieżke do pliku zamiast katalogu", "Error"); } catch (System.UnauthorizedAccessException) { MessageBox.Show("Program nie posiada uprawnień do zapisywania plików. Otwórz aplikacje jako Administrator", "Error"); } catch (System.Exception e) { MessageBox.Show("Nie można zapisać pliku. Orginal error: " + e.Message, "Error"); } }
private static string pemEncode(AsymmetricKeyParameter key) { System.IO.TextWriter textWriter = new StringWriter(); PemWriter pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(key); pemWriter.Writer.Flush(); string encoded = textWriter.ToString(); var splited = encoded.Split(new string[] { textWriter.NewLine }, StringSplitOptions.None); //Console.WriteLine(encoded); return encoded; }
public void TestMethod1() { // this snippet can be easily used in any normal c# project as well by simply removing the .Dump() methods // and saving the output into a variable / file of your choice. // you'll need to add BouncyCastle.Crypto nuget to use this. // tested on 1.8.0-beta4 AsymmetricCipherKeyPair pair; Pkcs10CertificationRequest csr; var ecMode = false; var values = new Dictionary<DerObjectIdentifier, string> { {X509Name.CN, ""}, //domain name {X509Name.OU, "Domain Control Validated"}, {X509Name.O, ""}, //Organisation's Legal name {X509Name.L, "London"}, {X509Name.ST, "England"}, {X509Name.C, "GB"}, }; var subjectAlternateNames = new GeneralName[] { }; var extensions = new Dictionary<DerObjectIdentifier, X509Extension>() { {X509Extensions.BasicConstraints, new X509Extension(true, new DerOctetString(new BasicConstraints(false)))}, {X509Extensions.KeyUsage, new X509Extension(true, new DerOctetString(new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment | KeyUsage.DataEncipherment | KeyUsage.NonRepudiation)))}, {X509Extensions.ExtendedKeyUsage, new X509Extension(false, new DerOctetString(new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)))}, }; if (values[X509Name.CN].StartsWith("www.")) values[X509Name.CN] = values[X509Name.CN].Substring(4); if (!values[X509Name.CN].StartsWith("*.") && subjectAlternateNames.Length == 0) subjectAlternateNames = new GeneralName[] { new GeneralName(GeneralName.DnsName, $"www.{values[X509Name.CN]}") }; if (subjectAlternateNames.Length > 0) extensions.Add(X509Extensions.SubjectAlternativeName, new X509Extension(false, new DerOctetString(new GeneralNames(subjectAlternateNames)))); var subject = new X509Name(values.Keys.Reverse().ToList(), values); if (ecMode) { var gen = new ECKeyPairGenerator(); var ecp = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1"); gen.Init(new ECKeyGenerationParameters(new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed()), new SecureRandom())); pair = gen.GenerateKeyPair(); extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(pair.Public)))); csr = new Pkcs10CertificationRequest("SHA256withECDSA", subject, pair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), pair.Private); } else { var gen = new RsaKeyPairGenerator(); gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); pair = gen.GenerateKeyPair(); extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(pair.Public)))); csr = new Pkcs10CertificationRequest("SHA256withRSA", subject, pair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), pair.Private); } //Convert BouncyCastle csr to .PEM file. var csrPem = new StringBuilder(); var csrPemWriter = new PemWriter(new StringWriter(csrPem)); csrPemWriter.WriteObject(csr); csrPemWriter.Writer.Flush(); Console.WriteLine(csrPem.ToString()); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(pair.Private); csrPemWriter.Writer.Flush(); //privateKeyPem.ToString().Dump("Private Key"); }
private static void GenerateSigningCertificate(ICertificatePolicy certificatePolicy, out string thumbprint, out string pemPublicCert, out byte[] pkcs12Data, out System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); X509Name certName; if (certificatePolicy.X509NameDictionary == null || !certificatePolicy.X509NameDictionary.Any()) { certName = new X509Name("CN=" + certificatePolicy.CommonName); } else { var list = new Dictionary<string, string>(); AddSubjectNameItem(list, "CN", certificatePolicy.CommonName); foreach (var item in certificatePolicy.X509NameDictionary) { AddSubjectNameItem(list, item.Key, item.Value); } certName = new X509Name(GetSubjectNameItemString(list)); } BigInteger serialNo; serialNo = BigInteger.ProbablePrime(120, random); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotBefore(DateTime.UtcNow.AddHours(-2)); // go back 2 hours just to be safe gen.SetNotAfter(DateTime.UtcNow.AddDays(certificatePolicy.ValidForDays)); gen.SetSignatureAlgorithm("SHA256WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); gen.AddExtension( X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false)); gen.AddExtension(X509Extensions.KeyUsage.Id, true, new KeyUsage(KeyUsage.DigitalSignature)); // handle our key purposes if (!certificatePolicy.AllPurposes) { var purposes = new List<KeyPurposeID>(); if (certificatePolicy.ServerAuthentication) { purposes.Add(KeyPurposeID.IdKPServerAuth); } if (certificatePolicy.ClientAuthentication) { purposes.Add(KeyPurposeID.IdKPClientAuth); } if (certificatePolicy.CodeSigning) { purposes.Add(KeyPurposeID.IdKPCodeSigning); } if (purposes.Any()) { gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, true, new ExtendedKeyUsage(purposes.ToArray())); } } var certificate = gen.Generate(subjectKeyPair.Private, random); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // this is exportable to get the bytes of the key to our file system in an encrypted manner RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.PersistKeyInCsp = false; // do not persist rsaKey.ImportParameters(rsaParameters); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); x509.PrivateKey = rsaKey; // this is non-exportable CspParameters cspParametersNoExport = new CspParameters(); cspParametersNoExport.KeyContainerName = Guid.NewGuid().ToString(); cspParametersNoExport.Flags = CspProviderFlags.UseNonExportableKey; RSACryptoServiceProvider rsaKey2 = new RSACryptoServiceProvider(2048, cspParametersNoExport); rsaKey2.PersistKeyInCsp = false; // do not persist rsaKey2.ImportParameters(rsaParameters); x509Certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); x509Certificate2.PrivateKey = rsaKey2; //// Generating Random Numbers //var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!"; //var rnd = new Random(); //password = new string( // Enumerable.Repeat(chars, 15) // .Select(s => s[rnd.Next(s.Length)]) // .ToArray()); thumbprint = x509.Thumbprint.ToLower(); var publicKeyPem = new StringBuilder(); var utf8WithoutBom = new System.Text.UTF8Encoding(false); var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom)); publicKeyPemWriter.WriteObject(certificate); publicKeyPemWriter.Writer.Flush(); pemPublicCert = publicKeyPem.ToString(); pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx); }
public static byte[] GenerateRootCertificate(string subjectName, string password, out string pemValue) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); //new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); BigInteger serialNo = BigInteger.ValueOf(4); //BigInteger.ProbablePrime(120, random); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(DateTime.Now.AddYears(100)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); //gen.AddExtension( // X509Extensions.SubjectKeyIdentifier, // false, // new SubjectKeyIdentifierStructure(kp.Public) // ); //gen.AddExtension( // X509Extensions.AuthorityKeyIdentifier.Id, // false, // new AuthorityKeyIdentifier( // SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public), // new GeneralNames(new GeneralName(certName)), // serialNo)); var certificate = gen.Generate(subjectKeyPair.Private, random); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemValue = privateKeyPem.ToString(); System.IO.File.WriteAllText(@"C:\_rootCa.pem", pemValue); //var certBytes = DotNetUtilities.ToX509Certificate(certificate).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, password); //var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); //RSA rsaPriv = DotNetUtilities.ToRSA(subjectKeyPair.Private as RsaPrivateCrtKeyParameters); // PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); //------------- //RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private; RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); // ------------ x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); // var x509Bytes = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert, password); System.IO.File.WriteAllBytes(@"C:\_rootCa.cer", x509Bytes); var x509Bytes2 = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); System.IO.File.WriteAllBytes(@"C:\_rootCa.pfx", x509Bytes2); return x509Bytes; }
/// <summary> /// Static method used to create a certificate and return as a .net object /// </summary> public static X509Certificate2 Create(string name, DateTime start, DateTime end, string userPassword, bool addtoStore = false, string exportDirectory = null) { // generate a key pair using RSA var generator = new RsaKeyPairGenerator(); // keys have to be a minimum of 2048 bits for Azure generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048)); AsymmetricCipherKeyPair cerKp = generator.GenerateKeyPair(); // get a copy of the private key AsymmetricKeyParameter privateKey = cerKp.Private; // create the CN using the name passed in and create a unique serial number for the cert var certName = new X509Name("CN=" + name); BigInteger serialNo = BigInteger.ProbablePrime(120, new Random()); // start the generator and set CN/DN and serial number and valid period var x509Generator = new X509V3CertificateGenerator(); x509Generator.SetSerialNumber(serialNo); x509Generator.SetSubjectDN(certName); x509Generator.SetIssuerDN(certName); x509Generator.SetNotBefore(start); x509Generator.SetNotAfter(end); // add the server authentication key usage var keyUsage = new KeyUsage(KeyUsage.KeyEncipherment); x509Generator.AddExtension(X509Extensions.KeyUsage, false, keyUsage.ToAsn1Object()); var extendedKeyUsage = new ExtendedKeyUsage(new[] {KeyPurposeID.IdKPServerAuth}); x509Generator.AddExtension(X509Extensions.ExtendedKeyUsage, true, extendedKeyUsage.ToAsn1Object()); // algorithm can only be SHA1 ?? x509Generator.SetSignatureAlgorithm("sha1WithRSA"); // Set the key pair x509Generator.SetPublicKey(cerKp.Public); X509Certificate certificate = x509Generator.Generate(cerKp.Private); // export the certificate bytes byte[] certStream = DotNetUtilities.ToX509Certificate(certificate).Export(X509ContentType.Pkcs12, userPassword); // build the key parameter and the certificate entry var keyEntry = new AsymmetricKeyEntry(privateKey); var entry = new X509CertificateEntry(certificate); // build the PKCS#12 store to encapsulate the certificate var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); builder.SetCertAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption); builder.SetKeyAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption); builder.Build(); // create a memorystream to hold the output var stream = new MemoryStream(10000); // create the individual store and set two entries for cert and key var store = new Pkcs12Store(); store.SetCertificateEntry("Created by Fluent Management", entry); store.SetKeyEntry("Created by Fluent Management", keyEntry, new[] { entry }); store.Save(stream, userPassword.ToCharArray(), new SecureRandom()); // Create the equivalent C# representation var cert = new X509Certificate2(stream.GetBuffer(), userPassword, X509KeyStorageFlags.Exportable); // set up the PEM writer too if (exportDirectory != null) { var textWriter = new StringWriter(); var pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(cerKp.Private, "DESEDE", userPassword.ToCharArray(), new SecureRandom()); pemWriter.Writer.Flush(); string privateKeyPem = textWriter.ToString(); using (var writer = new StreamWriter(Path.Combine(exportDirectory, cert.Thumbprint + ".pem"))) { writer.WriteLine(privateKeyPem); } // also export the certs - first the .pfx byte[] privateKeyBytes = cert.Export(X509ContentType.Pfx, userPassword); using (var writer = new FileStream(Path.Combine(exportDirectory, cert.Thumbprint + ".pfx"), FileMode.OpenOrCreate, FileAccess.Write)) { writer.Write(privateKeyBytes, 0, privateKeyBytes.Length); } // also export the certs - then the .cer byte[] publicKeyBytes = cert.Export(X509ContentType.Cert); using (var writer = new FileStream(Path.Combine(exportDirectory, cert.Thumbprint + ".cer"), FileMode.OpenOrCreate, FileAccess.Write)) { writer.Write(publicKeyBytes, 0, publicKeyBytes.Length); } } // if specified then this add this certificate to the store if (addtoStore) AddToMyStore(cert); return cert; }
private void GenerateKey(string fileName) { string fileNamePublic = fileName + ".pub"; if (File.Exists(fileNamePublic) && ShowMessageBox("Overwrite", "File " + fileNamePublic + " already exists. Overwrite?", MessageBoxButtons.YesNo, MessageBoxIcon.Warning) == DialogResult.No) { return; } RsaKeyPairGenerator g = new RsaKeyPairGenerator(); g.Init(new KeyGenerationParameters(new SecureRandom(), Convert.ToInt32(cbKeyLength.Text, 10))); AsymmetricCipherKeyPair pair = g.GenerateKeyPair(); //PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private); //byte [] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetDerEncoded(); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pair.Public); byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded(); //Save private key to filename try { using (StreamWriter file = new StreamWriter(fileName)) { PemWriter pWrt = new PemWriter(file); pWrt.WriteObject(pair); pWrt.Writer.Close(); } //Save public key to filename using (StreamWriter file = new StreamWriter(fileNamePublic)) { PemWriter pWrt = new PemWriter(file); pWrt.WriteObject(pair.Public); pWrt.Writer.Close(); } } catch (Exception ex) { ShowMessageBox("Key file error.", "Couldn't save key pair:\n" + ex.Message, MessageBoxButtons.OK, MessageBoxIcon.Error); return; } UpdateSuggestedDns(Convert.ToBase64String(serializedPublicBytes)); SetDomainKeyPath(fileName); }
public void CommitCryptoStuffToRegistry() { Org.BouncyCastle.OpenSsl.PemWriter PW; MemoryStream MS; TextWriter TW; if (sHostID == null || RootKey == null || RootCertificate == null || HostKey == null || HostCertificate == null) return; RegistryKey RKey = Registry.CurrentUser.CreateSubKey("Software\\jPhone\\" + _UniqueDeviceID); if (RKey != null) { RKey.SetValue("HostID", sHostID); MS = new MemoryStream(); TW = new StreamWriter(MS); PW = new Org.BouncyCastle.OpenSsl.PemWriter(TW); PW.WriteObject(RootKey); RKey.SetValue("RootKey", MS.GetBuffer()); TW.Close(); MS.Close(); MS = new MemoryStream(); TW = new StreamWriter(MS); PW = new Org.BouncyCastle.OpenSsl.PemWriter(TW); PW.WriteObject(RootCertificate); RKey.SetValue("RootCert", MS.GetBuffer()); TW.Close(); MS.Close(); MS = new MemoryStream(); TW = new StreamWriter(MS); PW = new Org.BouncyCastle.OpenSsl.PemWriter(TW); PW.WriteObject(HostKey); RKey.SetValue("HostKey", MS.GetBuffer()); TW.Close(); MS.Close(); MS = new MemoryStream(); TW = new StreamWriter(MS); PW = new Org.BouncyCastle.OpenSsl.PemWriter(TW); PW.WriteObject(HostCertificate); RKey.SetValue("HostCert", MS.GetBuffer()); TW.Close(); MS.Close(); RKey.Close(); } }
public static void GenerateRootCertificate(string subjectName, DateTime expireOnUtc, out string password, out string pemValue, out byte[] cerData, out byte[] pkcs12Data) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); BigInteger serialNo = BigInteger.ProbablePrime(120, random); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(expireOnUtc); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA256WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); var certificate = gen.Generate(subjectKeyPair.Private, random); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemValue = privateKeyPem.ToString(); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var x509 = X509CertificateHelper.GetCertificate(certificate.GetEncoded(), null, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); x509.PrivateKey = rsaKey; // Generating Random Numbers var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!"; var rnd = new Random(); var result = new string( Enumerable.Repeat(chars, 15) .Select(s => s[rnd.Next(s.Length)]) .ToArray()); password = result; cerData = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert); pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); }